In Acunetix 360, you can view, fix and assign Vulnerabilities. You can also export them to an external file, or send them to another system (to JIRA, for example).
For further information, see Viewing Vulnerabilities in Acunetix 360, User Permissions Matrix in Acunetix 360, Review Scan Results and Imported Vulnerabilities, and Integrate Acunetix 360 with an Issue Tracking System.
The Lifecycle of a Vulnerability
This is how vulnerabilities are managed in Acunetix 360.
- Users create and run scans and wait for the results.
- All vulnerabilities detected in scans are listed in All Vulnerabilities.
- You can assign an Issue to another user from the All Vulnerabilities list, or from any other list, by updating the Assignee dropdown. The assignee is advised via email that a new task has been assigned to them, and the task status is set to Present.
- Once a user fixes the vulnerability and changes its status to Fixed (Unconfirmed), it is moved into the Retest list, and Acunetix 360 automatically rescans the target web application to confirm the fix. If the vulnerability is fixed, it is closed and marked as Fixed (Confirmed). Otherwise, Acunetix 360 automatically reassigns the vulnerability to the original user, and the status displays as Present.
- Users assigned the Manage Issue (Restricted) permission can view all scan reports and set the state of an issue to Fixed (Unconfirmed), but they cannot change the state of an issue to Accepted Risk or False Positive.